I have my certificates in a folder and I'm looking for a script that will update them when they change, so that the WAF keeps working without manual intervention.
I have very little scripting experience; I can more or less read and understand scripts. Does anyone have something like this working? With the help of AI I have managed to get this far, but it needs some fixes to make it work.
Can anyone help?
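#!/bin/bash
# Push the certificate found in CERT_FOLDER to a Sophos firewall through its
# API, so the WAF keeps serving the current certificate after a renewal.
# Requires: bash, curl, jq, base64, tr.
#
# Every setting below can be overridden from the environment. The password in
# particular should be exported by the caller (or sourced from a file with mode
# 600) instead of being edited into this file, because the script is readable
# by anyone with access to it and tends to end up in backups and history.
set -euo pipefail

CERT_FOLDER="${CERT_FOLDER:-/path/to/your/certificate/folder}"
SOPHOS_API_URL="${SOPHOS_API_URL:-https://your-sophos-firewall.com:4444/webconsole/APIController}"
SOPHOS_USERNAME="${SOPHOS_USERNAME:-your-username}"
SOPHOS_PASSWORD="${SOPHOS_PASSWORD:-your-password}"
# Name of the certificate object on the firewall that is updated in place.
CERT_NAME="${CERT_NAME:-subzerocloud}"
# Name used when no object called CERT_NAME exists yet and one is created.
NEW_CERT_NAME="${NEW_CERT_NAME:-new_subzerocloud_certificate}"
readonly CERT_FOLDER SOPHOS_API_URL SOPHOS_USERNAME SOPHOS_PASSWORD CERT_NAME NEW_CERT_NAME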
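#######################################
# Authenticate against the firewall API and print the session token.
# Globals:   SOPHOS_API_URL, SOPHOS_USERNAME, SOPHOS_PASSWORD (read);
#            SOPHOS_CA_BUNDLE (optional, read)
# Outputs:   the token on stdout, or nothing when the response has no token
# Returns:   non-zero when building the request or calling the API fails
# NOTE(review): this assumes a JSON /login endpoint returning .data.token
# that is later accepted as a Bearer header — confirm against the firewall's
# API documentation before relying on it.
#######################################
get_api_token() {
  local login_data response
  login_data=$(jq -n \
    --arg username "$SOPHOS_USERNAME" \
    --arg password "$SOPHOS_PASSWORD" \
    '{"username": $username, "password": $password}') || return
  # -k (no TLS verification) is kept as the default for compatibility; set
  # SOPHOS_CA_BUNDLE to the firewall's CA file to verify the server instead.
  local -a tls_opts=(-k)
  [[ -n "${SOPHOS_CA_BUNDLE:-}" ]] && tls_opts=(--cacert "$SOPHOS_CA_BUNDLE")
  # The credentials travel on stdin (-d @-) so they never appear in the
  # process argument list (ps, set -x traces).
  response=$(curl -s "${tls_opts[@]}" -X POST "$SOPHOS_API_URL/login" \
    -H "Content-Type: application/json" \
    -d @- <<<"$login_data") || return
  # `// empty` prints nothing for a missing token; plain `.data.token` would
  # print the string "null", which the caller's emptiness check misses.
  jq -r '.data.token // empty' <<<"$response"
}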
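#######################################
# Load the certificate and private key into PEM_CONTENT / KEY_CONTENT as
# single-line base64.
# Globals:   CERT_FOLDER (read); PEM_CONTENT, KEY_CONTENT (written)
# Outputs:   an error message on stderr when a file cannot be read
# Returns:   0 on success, 1 when either file is missing or unreadable
# NOTE(review): whether the API expects the PEM text base64-encoded or as-is
# is not established by this script — confirm with the API documentation.
#######################################
read_certificate_files() {
  local cert_file="$CERT_FOLDER/certificate.pem"
  local key_file="$CERT_FOLDER/private.key"
  local f
  # Fail here rather than silently uploading an empty certificate/key.
  for f in "$cert_file" "$key_file"; do
    if [[ ! -r "$f" ]]; then
      printf 'Cannot read %s\n' "$f" >&2
      return 1
    fi
  done
  # `tr -d '\n'` gives one line with both GNU and BSD base64 (-w 0 is GNU only).
  PEM_CONTENT=$(base64 < "$cert_file" | tr -d '\n') || return
  KEY_CONTENT=$(base64 < "$key_file" | tr -d '\n') || return
}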
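#######################################
# Report whether a certificate object named CERT_NAME exists on the firewall.
# Globals:   SOPHOS_API_URL, CERT_NAME (read); SOPHOS_CA_BUNDLE (optional)
# Arguments: $1 - API token
# Returns:   0 when found; non-zero when absent, when the request fails, or
#            when the response is not the expected JSON
#######################################
check_certificate_exists() {
  local token=$1
  local response
  # -k kept as default; SOPHOS_CA_BUNDLE switches to real server verification.
  local -a tls_opts=(-k)
  [[ -n "${SOPHOS_CA_BUNDLE:-}" ]] && tls_opts=(--cacert "$SOPHOS_CA_BUNDLE")
  response=$(curl -s "${tls_opts[@]}" -X GET "$SOPHOS_API_URL/get/certificate/certificate" \
    -H "Authorization: Bearer $token") || return 1
  # The name is passed with --arg rather than spliced into the filter text,
  # so quotes or jq syntax in the name cannot change the program.
  jq -e --arg name "$CERT_NAME" '.data[] | select(.name == $name)' <<<"$response" > /dev/null
}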
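#######################################
# Upload the loaded certificate and key as a new object named NEW_CERT_NAME.
# Globals:   SOPHOS_API_URL, NEW_CERT_NAME, PEM_CONTENT, KEY_CONTENT (read);
#            SOPHOS_CA_BUNDLE (optional)
# Arguments: $1 - API token
# Outputs:   the raw API response and a success line on stdout; errors on stderr
# Exits:     1 when the request fails or the API does not report code 200
#######################################
create_new_certificate() {
  local token=$1
  local json_payload response status_code message
  json_payload=$(jq -n \
    --arg name "$NEW_CERT_NAME" \
    --arg cert "$PEM_CONTENT" \
    --arg key "$KEY_CONTENT" \
    '{"name": $name, "certificate": $cert, "privateKey": $key, "type": "certificate"}') || exit 1
  # -k kept as default; SOPHOS_CA_BUNDLE switches to real server verification.
  local -a tls_opts=(-k)
  [[ -n "${SOPHOS_CA_BUNDLE:-}" ]] && tls_opts=(--cacert "$SOPHOS_CA_BUNDLE")
  # The payload carries the private key: feed it on stdin (-d @-) so it is
  # never visible in the process argument list.
  response=$(curl -s "${tls_opts[@]}" -X POST "$SOPHOS_API_URL/set/certificate/certificate" \
    -H "Authorization: Bearer $token" \
    -H "Content-Type: application/json" \
    -d @- <<<"$json_payload") || { printf 'Request to the firewall failed\n' >&2; exit 1; }
  printf 'Response from POST /set/certificate/certificate: %s\n' "$response"
  # A non-JSON response (e.g. an HTML error page) leaves status_code empty.
  status_code=$(jq -r '.status.code // empty' <<<"$response" 2>/dev/null) || status_code=
  if [[ "$status_code" == "200" ]]; then
    printf 'New certificate created successfully: %s\n' "$NEW_CERT_NAME"
  else
    message=$(jq -r '.status.message // empty' <<<"$response" 2>/dev/null) || message=
    printf 'Error creating new certificate: %s\n' "${message:-$response}" >&2
    exit 1
  fi
}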
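#######################################
# Replace the certificate and key of the existing object named CERT_NAME.
# Globals:   SOPHOS_API_URL, CERT_NAME, PEM_CONTENT, KEY_CONTENT (read);
#            SOPHOS_CA_BUNDLE (optional)
# Arguments: $1 - API token
# Outputs:   the raw API response and a success line on stdout; errors on stderr
# Exits:     1 when the request fails or the API does not report code 200
#######################################
update_sophos_certificate() {
  local token=$1
  local json_payload response status_code message
  json_payload=$(jq -n \
    --arg name "$CERT_NAME" \
    --arg cert "$PEM_CONTENT" \
    --arg key "$KEY_CONTENT" \
    '{"name": $name, "certificate": $cert, "privateKey": $key, "type": "certificate"}') || exit 1
  # -k kept as default; SOPHOS_CA_BUNDLE switches to real server verification.
  local -a tls_opts=(-k)
  [[ -n "${SOPHOS_CA_BUNDLE:-}" ]] && tls_opts=(--cacert "$SOPHOS_CA_BUNDLE")
  # The payload carries the private key: feed it on stdin (-d @-) so it is
  # never visible in the process argument list.
  response=$(curl -s "${tls_opts[@]}" -X PUT "$SOPHOS_API_URL/set/certificate/certificate" \
    -H "Authorization: Bearer $token" \
    -H "Content-Type: application/json" \
    -d @- <<<"$json_payload") || { printf 'Request to the firewall failed\n' >&2; exit 1; }
  printf 'Response from PUT /set/certificate/certificate: %s\n' "$response"
  # A non-JSON response (e.g. an HTML error page) leaves status_code empty.
  status_code=$(jq -r '.status.code // empty' <<<"$response" 2>/dev/null) || status_code=
  if [[ "$status_code" == "200" ]]; then
    printf 'Certificate updated successfully\n'
  else
    message=$(jq -r '.status.message // empty' <<<"$response" 2>/dev/null) || message=
    printf 'Error updating certificate: %s\n' "${message:-$response}" >&2
    exit 1
  fi
}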
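#######################################
# Entry point: authenticate, load the certificate files, then update the
# object named CERT_NAME or create one when it does not exist.
# Globals:   CERT_NAME (read); API_TOKEN (written)
# Outputs:   progress on stdout, errors on stderr
# Exits:     1 when authentication or loading the files fails; the update /
#            create helpers exit 1 themselves on an API error
#######################################
main() {
  printf 'Starting certificate update/creation process...\n'
  # Authenticate and get the API token; a failed helper must not abort the
  # script before the diagnostic below is printed.
  API_TOKEN=$(get_api_token) || API_TOKEN=
  # "null" covers a helper that prints the raw jq output for a missing token.
  if [[ -z "$API_TOKEN" || "$API_TOKEN" == "null" ]]; then
    printf 'Authentication failed. Please check your credentials.\n' >&2
    exit 1
  fi
  # Stop here rather than pushing an empty certificate when a file is missing.
  read_certificate_files || exit 1
  if check_certificate_exists "$API_TOKEN"; then
    printf 'Certificate %s exists. Updating...\n' "$CERT_NAME"
    update_sophos_certificate "$API_TOKEN"
  else
    printf 'Certificate %s does not exist. Creating a new one...\n' "$CERT_NAME"
    create_new_certificate "$API_TOKEN"
  fi
  printf 'Process completed.\n'
}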
# Run the workflow; arguments are forwarded although main currently ignores them.
main "$@"